exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	a3b360fc6c	DB: 2019-09-11 7 changes to exploits/shellcodes Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) LibreNMS - Collectd Command Injection (Metasploit) October CMS - Upload Protection Bypass Code Execution (Metasploit) Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection Enigma NMS 65.0.0 - SQL Injection Online Appointment - SQL Injection Enigma NMS 65.0.0 - SQL Injection Online Appointment - SQL Injection WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting Dolibarr ERP-CRM 10.0.1 - SQL Injection WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting Dolibarr ERP-CRM 10.0.1 - SQL Injection WordPress Plugin Photo Gallery 1.5.34 - SQL Injection WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)	2019-09-11 05:02:35 +00:00
Offensive Security	ad97ff4198	DB: 2019-09-07 3 changes to exploits/shellcodes SCO OpenServer 5.0.7 - MMDF deliver Privilege Escalation Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2) Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3) SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution FusionPBX 4.4.8 - Remote Code Execution Inventory Webapp - 'itemquery' SQL injection Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)	2019-09-07 05:02:21 +00:00
Offensive Security	835218237b	DB: 2019-09-06 2 changes to exploits/shellcodes AwindInc SNMP Service - Command Injection (Metasploit) Linux/x86 - TCP Reverse Shell 127.0.0.1 Nullbyte Free Shellcode	2019-09-06 05:02:26 +00:00
Offensive Security	b4225f5fa8	DB: 2019-08-31 12 changes to exploits/shellcodes SQL Server Password Changer 1.90 - Denial of Service Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service Asus Precision TouchPad 11.0.0.25 - Denial of Service VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service Canon PRINT 2.5.5 - Information Disclosure QEMU - Denial of Service Sentrifugo 3.2 - File Upload Restriction Bypass Sentrifugo 3.2 - Persistent Cross-Site Scripting DomainMod 4.13 - Cross-Site Scripting YouPHPTube 7.4 - Remote Code Execution WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting	2019-08-31 05:02:54 +00:00
Offensive Security	6adaedca69	DB: 2019-08-27 6 changes to exploits/shellcodes Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit) LSoft ListServ < 16.5-2018a - Cross-Site Scripting WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery	2019-08-27 05:02:18 +00:00
Offensive Security	a32e028b88	DB: 2019-08-13 17 changes to exploits/shellcodes VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow Linux - Use-After-Free Reads in show_numa_stats() WebKit - UXSS via XSLT and Nested Document Replacements Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit) ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit) ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit) Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit) BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting Cisco Adaptive Security Appliance - Path Traversal (Metasploit) UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion osTicket 1.12 - Persistent Cross-Site Scripting via File Upload osTicket 1.12 - Formula Injection osTicket 1.12 - Persistent Cross-Site Scripting Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)	2019-08-13 05:02:31 +00:00
Offensive Security	00f5094d48	DB: 2019-07-31 8 changes to exploits/shellcodes macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1 iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects WP Database Backup < 5.2 - Remote Code Execution (Metasploit) WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit) Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit) Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming	2019-07-31 05:02:25 +00:00
Offensive Security	2935a5c0af	DB: 2019-07-17 10 changes to exploits/shellcodes Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass) DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH) Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit) PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit) CentOS Control Web Panel 0.9.8.836 - Authentication Bypass CentOS Control Web Panel 0.9.8.836 - Privilege Escalation CentOS Control Web Panel 0.9.8.838 - User Enumeration	2019-07-17 05:02:03 +00:00
Offensive Security	894b9e59aa	DB: 2019-07-10 3 changes to exploits/shellcodes Firefox 67.0.4 - Denial of Service Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2) WordPress Plugin Like Button 1.6.0 - Authentication Bypass	2019-07-10 05:02:07 +00:00
Offensive Security	4afcc04eda	DB: 2019-07-02 24 changes to exploits/shellcodes Linux Mint 18.3-19.1 - 'yelp' Command Injection FaceSentry Access Control System 6.4.8 - Remote SSH Root WorkSuite PRM 2.4 - 'password' SQL Injection CiuisCRM 1.6 - 'eventType' SQL Injection Varient 1.6.1 - SQL Injection PowerPanel Business Edition - Cross-Site Scripting ZoneMinder 1.32.3 - Cross-Site Scripting SAP Crystal Reports - Information Disclosure Sahi pro 8.x - Directory Traversal CyberPanel 1.8.4 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 - Remote Root Exploit Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes) Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes) Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes) Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes) Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes) Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes) Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes) Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes) Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes) Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)	2019-07-02 05:01:50 +00:00
Offensive Security	ee2531c421	DB: 2019-06-27 2 changes to exploits/shellcodes Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)	2019-06-27 05:01:52 +00:00
Offensive Security	3ef90f18d0	DB: 2019-06-21 6 changes to exploits/shellcodes Linux - Use-After-Free via race Between modify_ldt() and #BR Exception Tuneclone 2.20 - Local SEH Buffer Overflow Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit) Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit) WebERP 4.15 - SQL injection BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection	2019-06-21 05:01:58 +00:00
Offensive Security	29aeb0c030	DB: 2019-06-12 5 changes to exploits/shellcodes ProShow 9.0.3797 - Local Privilege Escalation Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit) WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution phpMyAdmin 4.8 - Cross-Site Request Forgery Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting	2019-06-12 05:01:53 +00:00
Offensive Security	85fbab2de4	DB: 2019-06-08 5 changes to exploits/shellcodes Nvidia GeForce Experience Web Helper - Command Injection Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3) Exim 4.87 < 4.91 - (Local / Remote) Command Execution Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)	2019-06-08 05:01:56 +00:00
Offensive Security	e76aee5eaf	DB: 2019-06-06 4 changes to exploits/shellcodes Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit) LibreNMS - addhost Command Injection (Metasploit) Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery	2019-06-06 05:01:56 +00:00
Offensive Security	2ae6cf2b7f	DB: 2019-05-04 9 changes to exploits/shellcodes SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service Windows PowerShell ISE - Remote Code Execution Blue Angel Software Suite - Command Execution Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection Instagram Auto Follow - Authentication Bypass Zotonic < 0.47.0 mod_admin - Cross-Site Scripting Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution Linux/x86 - Reverse Shell Shellcode (91 Bytes) + Python Wrapper Linux/x86 - Openssl Encrypt Files With aes256cbc Shellcode (185 bytes)	2019-05-04 05:02:03 +00:00
Offensive Security	43c06dc5d4	DB: 2019-05-03 2 changes to exploits/shellcodes Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)	2019-05-03 05:02:04 +00:00
Offensive Security	fd2946662d	DB: 2019-04-13 7 changes to exploits/shellcodes CyberArk EPM 10.2.1.603 - Security Restrictions Bypass Microsoft Internet Explorer 11 - XML External Entity Injection Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit) Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit) ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit) Linux/x86 - Add User to Passwd File Shellcode (149 bytes)	2019-04-13 05:02:03 +00:00
Offensive Security	880bbe402e	DB: 2019-03-08 14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)	2019-03-08 05:01:50 +00:00
Offensive Security	40a94aad26	DB: 2019-02-04 4 changes to exploits/shellcodes Tiki Wiki 15.1 - File Upload (Metasploit) LibSSH 0.7.6 / 0.8.4 - Unauthorized Access Tiki Wiki 15.1 - File Upload (Metasploit)	2019-02-04 05:01:42 +00:00
Offensive Security	6e7548ed0d	DB: 2019-01-25 10 changes to exploits/shellcodes Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit) Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Joomla! Component JHotelReservation 6.0.7 - SQL Injection SimplePress CMS 1.0.7 - SQL Injection SirsiDynix e-Library 3.5.x - Cross-Site Scripting Splunk Enterprise 7.2.3 - Authenticated Custom App RCE ImpressCMS 1.3.11 - 'bid' SQL Injection Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery	2019-01-25 05:01:41 +00:00
Offensive Security	2ad3a5e94e	DB: 2019-01-22 11 changes to exploits/shellcodes Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer Echo Mirage 3.1 - Buffer Overflow (PoC) GattLib 0.2 - Stack Buffer Overflow Kepler Wallpaper Script 1.1 - SQL Injection Coman 1.0 - 'id' SQL Injection Reservic 1.0 - 'id' SQL Injection MoneyFlux 1.0 - 'id' SQL Injection PHP Dashboards NEW 5.8 - 'dashID' SQL Injection PHP Dashboards NEW 5.8 - Local File Inclusion PHP Uber-style GeoTracking 1.1 - SQL Injection Adianti Framework 5.5.0 - SQL Injection	2019-01-22 05:01:54 +00:00
Offensive Security	e8dcb9f022	DB: 2019-01-03 12 changes to exploits/shellcodes EZ CD Audio Converter 8.0.7 - Denial of Service (PoC) NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC) NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC) WebKit JSC - 'AbstractValue::set' Use-After-Free WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write Ayukov NFTP FTP Client 2.0 - Buffer Overflow Hashicorp Consul - Remote Command Execution via Rexec (Metasploit) Hashicorp Consul - Remote Command Execution via Services API (Metasploit) WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Frog CMS 0.9.5 - Cross-Site Scripting ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) WSTMart 2.0.8 - Cross-Site Scripting ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) WSTMart 2.0.8 - Cross-Site Scripting FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection Craft CMS 3.0.25 - Cross-Site Scripting bludit Pages Editor 3.0.0 - Arbitrary File Upload WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload bludit Pages Editor 3.0.0 - Arbitrary File Upload WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Vtiger CRM 7.1.0 - Remote Code Execution	2019-01-03 05:01:43 +00:00
Offensive Security	60710bbfd9	DB: 2018-12-05 19 changes to exploits/shellcodes Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption Wireshark - 'find_signature' Heap Out-of-Bounds Read Xorg X11 Server (AIX) - Local Privilege Escalation Emacs - movemail Privilege Escalation (Metasploit) OpenSSH < 7.7 - User Enumeration (2) HP Intelligent Management - Java Deserialization RCE (Metasploit) Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage KeyBase Botnet 1.5 - SQL Injection Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting NUUO NVRMini2 3.9.1 - Authenticated Command Injection DomainMOD 4.11.01 - Registrar Cross-Site Scripting FreshRSS 1.11.1 - Cross-Site Scripting Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)	2018-12-05 05:01:44 +00:00
Offensive Security	62445895aa	DB: 2018-11-30 8 changes to exploits/shellcodes WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit) Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit) Mac OS X - libxpc MITM Privilege Escalation (Metasploit) PHP imap_open - Remote Code Execution (Metasploit) TeamCity Agent - XML-RPC Command Execution (Metasploit)	2018-11-30 05:01:41 +00:00
Offensive Security	15b77b5965	DB: 2018-10-30 33 changes to exploits/shellcodes Navicat 12.0.29 - 'SSH' Denial of Service (PoC) AlienIP 2.41 - Denial of Service (PoC) Local Server 1.0.9 - Denial of Service (PoC) systemd - reexec State Injection systemd - chown_one() can Dereference Symlinks ASRock Drivers - Privilege Escalation Modbus Slave 7.0.0 - Denial of Service (PoC) School Equipment Monitoring System 1.0 - 'login' SQL Injection Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC) Paramiko 2.4.1 - Authentication Bypass Open Faculty Evaluation System 5.6 - 'batch_name' SQL Injection Grapixel New Media 2 - 'pageref' SQL Injection Library Management System 1.0 - 'frmListBooks' SQL Injection Open Faculty Evaluation System 7 - 'batch_name' SQL Injection Card Payment 1.0 - Cross-Site Request Forgery (Update Admin) MTGAS MOGG Web Simulator Script - SQL Injection Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery Curriculum Evaluation System 1.0 - SQL Injection Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection School Event Management System 1.0 - SQL Injection School Event Management System 1.0 - Arbitrary File Upload School Event Management System 1.0 - Cross-Site Request Forgery (Update Admin) School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin) School Attendance Monitoring System 1.0 - Arbitrary File Upload School Attendance Monitoring System 1.0 - SQL Injection PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection RhinOS CMS 3.x - Arbitrary File Download E-Negosyo System 1.0 - SQL Injection SaltOS Erp Crm 3.1 r8126 - SQL Injection SaltOS Erp Crm 3.1 r8126 - SQL Injection (2) SaltOS Erp Crm 3.1 r8126 - Database File Download K-iwi Framework 1775 - SQL Injection	2018-10-30 05:01:46 +00:00
Offensive Security	dac8dd4731	DB: 2018-10-25 15 changes to exploits/shellcodes Adult Filter 1.0 - Denial of Service (PoC) Microsoft Data Sharing - Local Privilege Escalation (PoC) Webmin 1.5 - Web Brute Force (CGI) exim 4.90 - Remote Code Execution School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection SG ERP 1.0 - 'info' SQL Injection Fifa Master XLS 2.3.2 - 'usw' SQL Injection Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Apache OFBiz 16.11.04 - XML External Entity Injection D-Link Routers - Command Injection D-Link Routers - Plaintext Password D-Link Routers - Directory Traversal Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes	2018-10-25 05:01:46 +00:00
Offensive Security	60464134cb	DB: 2018-10-20 1 changes to exploits/shellcodes libSSH - Authentication Bypass PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin) PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)	2018-10-20 05:01:44 +00:00
Offensive Security	b311000a22	DB: 2018-10-09 16 changes to exploits/shellcodes net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC) net-snmp 5.7.3 - Authenticated Denial of Service (PoC) Linux - Kernel Pointer Leak via BPF Android - sdcardfs Changes current->fs Without Proper Locking 360 3.5.0.1033 - Sandbox Escape Git Submodule - Arbitrary Code Execution Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit) Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit) Cisco Prime Infrastructure - Unauthenticated Remote Code Execution Unitrends UEB - HTTP API Remote Code Execution (Metasploit) Navigate CMS - Unauthenticated Remote Code Execution (Metasploit) FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Imperva SecureSphere 13 - Remote Command Execution Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)	2018-10-09 05:01:44 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	76af808136	DB: 2018-09-08 6 changes to exploits/shellcodes DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH) iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH) Tenable WAS-Scanner 7.4.1708 - Remote Command Execution D-Link Dir-600M N150 - Cross-Site Scripting MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal QNAP Photo Station 5.7.0 - Cross-Site Scripting	2018-09-08 05:01:54 +00:00
Offensive Security	32f471140a	DB: 2018-09-06 18 changes to exploits/shellcodes Microsoft people 10.1807.2131.0 - Denial of service (PoC) GNU glibc < 2.27 - Local Buffer Overflow UltraISO 9.7.1.3519 - Buffer Overflow (SEH) JBoss 4.2.x/4.3.x - Information Disclosure Git < 2.17.1 - Remote Code Execution FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH) Monstra CMS 3.0.4 - Remote Code Execution OpenDaylight - SQL Injection Tenda ADSL Router D152 - Cross-Site Scripting Pivotal Spring Java Framework < 5.0 - Remote Code Execution	2018-09-06 05:01:55 +00:00
Offensive Security	18e2848633	DB: 2018-08-28 25 changes to exploits/shellcodes Firefox 55.0.3 - Denial of Service (PoC) Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC) Libpango 1.40.8 - Denial of Service (PoC) Adobe Flash - AVC Processing Out-of-Bounds Read Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP) CuteFTP 5.0 - Buffer Overflow Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit) OpenSSH 7.7 - Username Enumeration OpenSSH 2.3 < 7.7 - Username Enumeration Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Node.JS - 'node-serialize' Remote Code Execution Electron WebPreferences - Remote Code Execution HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit) Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting Sentrifugo HRMS 3.2 - 'deptid' SQL Injection WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin) RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin) LiteCart 2.1.2 - Arbitrary File Upload Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection Responsive FileManager < 9.13.4 - Directory Traversal WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection	2018-08-28 05:01:59 +00:00
Offensive Security	8750f2fdd7	DB: 2018-08-22 6 changes to exploits/shellcodes Project64 2.3.2 - Denial Of Service (PoC) Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution OpenSSH 7.7 - Username Enumeration WordPress Plugin Tagregator 0.6 - Cross-Site Scripting Twitter-Clone 1 - 'userid' SQL Injection Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit) Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post) Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection	2018-08-22 05:01:45 +00:00
Offensive Security	16744756bc	DB: 2018-08-18 10 changes to exploits/shellcodes TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC) CEWE Photoshow 6.3.4 - Denial of Service (PoC) Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl Microsoft Edge Chakra JIT - Scope Parsing Type Confusion Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion OpenSSH 2.3 < 7.4 - Username Enumeration (PoC) Mikrotik WinBox 6.42 - Credential Disclosure (golang) Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit) Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection ADM 3.1.2RHG1 - Remote Code Execution	2018-08-18 05:01:47 +00:00
Offensive Security	903bf974eb	DB: 2018-08-02 10 changes to exploits/shellcodes ipPulse 1.92 - 'Licence Key' Denial of Service (PoC) Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC) WebRTC - VP8 Block Decoding Use-After-Free WebRTC - FEC Processing Overflow WebRTC - H264 NAL Packet Processing Type Confusion Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH) Axis Network Camera - .srv to parhand RCE (Metasploit) SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit) Synology DiskStation Manager 4.1 - Directory Traversal Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)	2018-08-02 05:02:43 +00:00
Offensive Security	1f88d0a67a	DB: 2018-07-18 10 changes to exploits/shellcodes Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)	2018-07-18 05:01:47 +00:00
Offensive Security	b374aca9a3	DB: 2018-07-14 10 changes to exploits/shellcodes G DATA Total Security 25.4.0.3 - Activex Buffer Overflow Microsoft Windows - POP/MOV SS Local Privilege Elevation (Metasploit) HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit) HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit) IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit) IBM QRadar SIEM - Remote Code Execution (Metasploit) Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit) Apache CouchDB - Arbitrary Command Execution (Metasploit) phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit) Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Dolibarr 3.2.0 < Alpha - File Inclusion Dolibarr ERP/CRM 3.2.0 < Alpha - File Inclusion Dolibarr ERP/CRM - OS Command Injection Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection Dolibarr ERP/CMS 3.4.0 - 'exportcsv.php?sondage' SQL Injection Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection Dolibarr CMS 3.5.3 - Multiple Vulnerabilities Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities Dolibarr CMS 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr ERP/CRM 3.0 - Local File Inclusion / Cross-Site Scripting Dolibarr ERP/CRM - '/user/index.php' Multiple SQL Injections Dolibarr ERP/CRM - '/user/info.php?id' SQL Injection Dolibarr ERP/CRM - '/admin/boxes.php?rowid' SQL Injection Dolibarr ERP/CRM 3.1.0 - '/user/index.php' Multiple SQL Injections Dolibarr ERP/CRM 3.1.0 - '/user/info.php?id' SQL Injection Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection Dolibarr CMS 3.x - '/adherents/fiche.php' SQL Injection Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection Dolibarr CMS 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Dolibarr 7.0.0 - SQL Injection Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution WAGO e!DISPLAY 7300T - Multiple Vulnerabilities QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery	2018-07-14 05:01:50 +00:00
Offensive Security	02fa7c70d3	DB: 2018-07-11 9 changes to exploits/shellcodes HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) HID discoveryd - 'command_blink_on' Unauthenticated Remote Code Execution (Metasploit) OpenSSH < 6.6 SFTP (x64) - Command Execution OpenSSH < 6.6 SFTP - Command Execution ModSecurity 3.0.0 - Cross-Site Scripting Gitea 1.4.0 - Remote Code Execution WolfSight CMS 3.2 - SQL Injection Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution Elektronischer Leitz-Ordner 10 - SQL Injection D-Link DIR601 2.02 - Credential Disclosure	2018-07-11 05:01:52 +00:00
Offensive Security	727943f775	DB: 2018-07-10 8 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow HP VAN SDN Controller - Root Command Injection (Metasploit) HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) GitList 0.6.0 - Argument Injection (Metasploit) Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Linux/x86 - Kill Process Shellcode (20 bytes)	2018-07-10 05:01:55 +00:00
Offensive Security	e8a3702c6c	DB: 2018-07-03 11 changes to exploits/shellcodes Core FTP LE 2.2 - Buffer Overflow (PoC) SIPp 3.6 - Local Buffer Overflow (PoC) Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC) Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) VMware NSX SD-WAN Edge < 3.1.2 - Command Injection DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)	2018-07-03 05:01:48 +00:00
Offensive Security	11ecb9c031	DB: 2018-06-22 4 changes to exploits/shellcodes Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution VideoInsight WebClient 5 - SQL Injection LFCMS 3.7.0 - Cross-Site Request Forgery (Add User) LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)	2018-06-22 05:01:45 +00:00
Offensive Security	de3b5004b9	DB: 2018-06-14 6 changes to exploits/shellcodes Microsoft Windows 10 - Child Process Restriction Mitigation Bypass glibc - 'realpath()' Privilege Escalation (Metasploit) RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation DHCP Client - Command Injection (DynoRoot) (Metasploit) MACCMS 10 - Cross-Site Request Forgery (Add User) Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload	2018-06-14 05:01:45 +00:00
Offensive Security	61159b7f3e	DB: 2018-06-05 5 changes to exploits/shellcodes R 3.4.4 - Local Buffer Overflow RGui 3.4.4 - Local Buffer Overflow Zip-n-Go 4.9 - Buffer Overflow (SEH) Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) CyberArk < 10 - Memory Disclosure GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) SearchBlox 8.6.7 - XML External Entity Injection EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting	2018-06-05 05:01:52 +00:00
Offensive Security	22ba7ab5f3	DB: 2018-06-02 5 changes to exploits/shellcodes Epiphany 3.28.2.1 - Denial of Service Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader Sony Playstation 4 (PS4) 5.1 - Kernel (PoC) Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP) Git < 2.17.1 - Remote Code Execution Wordpress Plugin Events Calendar - SQL Injection WordPress Plugin Events Calendar - SQL Injection Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes) Linux/x86 - Egghunter + Null-Free Shellcode (11 Bytes) Linux/x86 - EggHunter + access() Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes) Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes) Linux/x86 - Egghunter (0xdeadbeef) + access() + execve(/bin/sh) Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (105 bytes) Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)	2018-06-02 05:01:45 +00:00
Offensive Security	5aca1b9763	DB: 2018-05-18 8 changes to exploits/shellcodes Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall Libuser - roothelper Privilege Escalation (Metasploit) Libuser - 'roothelper' Privilege Escalation (Metasploit) Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Jenkins CLI - HTTP Java Deserialization (Metasploit) Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit) NodAPS 4.0 - SQL injection / Cross-Site Request Forgery Intelbras NCLOUD 300 1.0 - Authentication bypass SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery	2018-05-18 05:01:49 +00:00
Offensive Security	be89b7c04a	DB: 2018-05-03 11 changes to exploits/shellcodes WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free LibreOffice/Open Office - '.odt' Information Disclosure Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) ASUS infosvr - Auth Bypass Command Execution (Metasploit) ASUS infosvr - Authentication Bypass Command Execution (Metasploit) Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) xdebug < 2.5.5 - Unauthenticated OS Command Execution (Metasploit) Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit) Metasploit Framework - 'msfd' Remote Code Execution (Metasploit) Exim < 4.90.1 - 'base64d' Remote Code Execution Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit) Cockpit CMS 0.4.4 < 0.5.5 - Server-Side Request Forgery	2018-05-03 05:01:45 +00:00
Offensive Security	a8b515dd6d	DB: 2018-04-13 3 changes to exploits/shellcodes F5 BIG-IP SSL Virtual Server - Memory Disclosure F5 BIG-IP SSL Virtual Server - 'Ticketbleed' Memory Disclosure F5 BIG-IP 11.6 SSL Virtual Server - 'Ticketbleed' Memory Disclosure Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)	2018-04-13 05:01:51 +00:00
Offensive Security	c91cad5a90	DB: 2018-04-10 19 changes to exploits/shellcodes WebKit - WebAssembly Parsing Does not Correctly Check Section Order CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure H2 Database - 'Alias' Arbitrary Code Execution GoldWave 5.70 - Local Buffer Overflow (SEH Unicode) PMS 0.42 - Local Stack-Based Overflow (ROP) Unitrends UEB 10.0 - Unauthenticated Root Remote Code Execution WolfCMS 0.8.3.1 - Cross Site Request Forgery Cobub Razor 0.7.2 - Add New Superuser Account MyBB Plugin Recent Threads On Index - Cross-Site Scripting WolfCMS 0.8.3.1 - Open Redirection Yahei PHP Prober 0.4.7 - Cross-Site Scripting WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution iScripts SonicBB 1.0 - Reflected Cross-Site Scripting WordPress Plugin Google Drive 2.2 - Remote Code Execution	2018-04-10 05:01:53 +00:00
Offensive Security	4fd08ae698	DB: 2018-03-29 6 changes to exploits/shellcodes TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC) TwonkyMedia Server 7.0.11-8.5 - Directory Traversal TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting Microsoft Windows Remote Assistance - XML External Entity Injection Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change Open-AuditIT Professional 2.1 - Cross-Site Scripting	2018-03-29 05:01:52 +00:00

1 2 3

109 commits